From cb6521f977537d758c3c98f87f19ef65bab00611 Mon Sep 17 00:00:00 2001
From: Gareth Coles <gdude2002@gmail.com>
Date: Sat, 23 Jun 2018 22:10:39 +0100
Subject: [API] Check for DB-nuking empty data in users POST

---
 pysite/views/api/bot/user.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'pysite/views/api/bot/user.py')

diff --git a/pysite/views/api/bot/user.py b/pysite/views/api/bot/user.py
index ced39306..febddd64 100644
--- a/pysite/views/api/bot/user.py
+++ b/pysite/views/api/bot/user.py
@@ -4,7 +4,7 @@ from flask import jsonify, request
 from schema import Optional, Schema
 
 from pysite.base_route import APIView
-from pysite.constants import ValidationTypes
+from pysite.constants import ErrorCodes, ValidationTypes
 from pysite.decorators import api_key, api_params
 from pysite.mixins import DBMixin
 
@@ -48,6 +48,9 @@ class UserView(APIView, DBMixin):
     def post(self, data):
         logging.getLogger(__name__).debug(f"Size of request: {len(request.data)} bytes")
 
+        if not data:
+            return self.error(ErrorCodes.bad_data_format, "No users supplied")
+
         deletions = 0
         oauth_deletions = 0
         profile_deletions = 0
-- 
cgit v1.2.3